#!/bin/bash
echo "----------------------------------------------------------------------"
echo "close some services"
{
chkconfig --level 3 auditd off
chkconfig --level 3 ip6tables off
chkconfig --level 3 netconsole off
chkconfig --level 3 netfs off
chkconfig --level 3 postfix off
chkconfig --level 3 rdisc off
chkconfig --level 3 restorecond off
chkconfig --level 3 saslauthd off
chkconfig --level 3 kdump off
chkconfig --level 3 udev-post off
}  > /dev/null 2>&1
#{
#cat <<'XUNLEI'
#1 1 * * * /usr/sbin/ntpdate ntp.cc.sandai.net &
#XUNLEI
#} > /var/spool/cron/root

#Disable SeLinux
echo "Disable SeLinux"
setenforce 0
if [ -s /etc/selinux/config ]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
fi

#close TTY 3-6
echo "close TTY 3-6"
sed -i "/ACTIVE_CONSOLES/s#6#2#g" /etc/init/start-ttys.conf 
sed -i "/ACTIVE_CONSOLES/s#6#2#g" /etc/sysconfig/init
mv /usr/sbin/sendmail /usr/sbin/sendmail.old >/dev/null 2>&1
{
initctl stop tty TTY=/dev/tty2
initctl stop tty TTY=/dev/tty3
initctl stop tty TTY=/dev/tty4
initctl stop tty TTY=/dev/tty5
initctl stop tty TTY=/dev/tty6

} > /dev/null 2>&1

#close IPV6
echo "close IPV6"
sz=`lsmod|grep ipv6|wc -l`
if [ $sz -gt 0 ];then
{
cat <<'XUNLEI'
alias net-pf-10 off
options ipv6 disable=1
XUNLEI
} > /etc/modprobe.d/ipv6.conf
echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf
fi
sz=`grep -c "NETWORKING_IPV6" /etc/sysconfig/network`
if [ $sz -eq 0 ];then
sed -i "/NETWORKING=yes/aNETWORKING_IPV6=no" /etc/sysconfig/network
sed -i "/NETWORKING_IPV6/s#yes#no#g" /etc/sysconfig/network
fi
#close IPV6 END

echo "lock some users"
{
passwd -l xfs
passwd -l news
passwd -l nscd
passwd -l dbus
passwd -l vcsa
passwd -l games
passwd -l nobody
passwd -l avahi
passwd -l haldaemon
passwd -l gopher
passwd -l ftp
passwd -l mailnull
passwd -l pcap
passwd -l mail
passwd -l shutdown
passwd -l halt
passwd -l uucp
passwd -l operator
passwd -l sync
passwd -l adm
passwd -l lp

} > /dev/null 2>&1

#optimizer sshd_config
echo "optimizer sshd_config"
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i "s/^GSSAPIAuthentication yes/GSSAPIAuthentication no/" /etc/ssh/sshd_config

#limits_config
sz=`grep -c "65535\|65536" /etc/security/limits.conf`
if [ $sz -eq 0 ];then
cat >> /etc/security/limits.conf <<EOF 
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
* soft core unlimited
EOF
fi
sed -i 's/1024/65535/g' /etc/security/limits.d/90-nproc.conf

# git bash_completion
[ -f /etc/bash_completion.d/git ] && echo 'source /etc/bash_completion.d/git' >> /etc/profile

echo "set important files md5"
cat > /tmp/list << EOF
/bin/ping
/bin/finger
/usr/bin/who
/usr/bin/w
/usr/bin/locate
/usr/bin/whereis
/sbin/ifconfig
/bin/pico
/bin/vi
/usr/bin/vim
/usr/bin/which
/usr/bin/gcc
/usr/bin/make
/bin/rpm
/bin/ps
/bin/netstat
EOF


echo "###########################" >>/var/log/`hostname`.log
echo `date` >>/var/log/`hostname`.log
for i in `cat /tmp/list`
do
if [ -x $i ];then
md5sum $i >> /var/log/`hostname`.log
fi
done
rm -f /tmp/list


echo "=============System Init Complete============"

